Auditability
Standard: Change Control
Change control procedures will be applied to the structure of data and document stores and the business processes that affect them, to ensure the contextual integrity of current content and that historical material maintains its integrity. Applications that create or maintain data or documents, and interfaces to downstream systems (e.g. a data warehouse), must be included in the change control process.
Supports Policies: Auditability; Interchange, Replication, Interfaces
Scope and Interpretation
The change procedure must ensure that all parties involved, whether internal or external to the agency, are consulted appropriately. Analysis of system change must include all interfaces to both internal and external systems.
The Business Custodian will ensure that adequate change control procedures exist within the agency and that they are regularly audited for effectiveness. The procedures must cover both system and business process changes that affect agency data and document stores.
Rationale
Uncontrolled changes to the structure of data and document stores, or to systems and business processes that manipulate their content, have the potential to quickly destroy integrity. While change is often essential to meet business needs, it must be controlled to preserve existing investment.
Standard: Audit trail
Agencies must have an audit trail where there is a statutory or business requirement for audit and monitoring of creation, update, deletion, and in some cases retrieval events, applied to data element content or document metadata and content.
Supports Policies: Auditability
Scope and Interpretation
This standard is focussed primarily on monitoring permitted activity, so agencies must carefully analyse requirements to ensure all relevant areas are covered. See also Policies: Access Rules and related standards on the prevention of unauthorised access.
While changes to data or document content are usually the most critical events, in some cases agencies will also need to log the retrieval of designated sensitive content.
Logging systems must produce alerts when events outside the agency access rules occur. Over time, patterns of valid system use should be established so that significant variations can be recognised and investigated.
While this type of logging is easily applied to electronic data and documents, paper-based systems would require elaborate security arrangements to achieve the same result. Costs for this could only be justified for highly confidential documents.
Staff need to know what activities are being monitored and regular reporting must be in place.
Rationale
The existence of viable event logging, monitoring and reporting systems is a major deterrent to breaching security, and a major aid to determining accountability when a breach does occur. These systems deliver the ability to establish location, user and change/access event across the data and document asset base.

